OAuth 2.0 Support

Authentication Support for OAuth 2.0

This feature is already included in the product roadmap.

Karan, what is the expected date for this? It is a blocking point for our migration to APIdog.

We anticipate having this feature supported and live within Q1 of this year.

Just wanted to let you know that I found a workaround. I now use a Post Request at the start of my Tests that gets the Bearer Token. Then I save that token into an env-variable. Then I set my auth tab to “Bearer Token” and insert it with the env-variable. The credentials for the initial post request can be saved in secure pipeline variables and then get passed over to apidog with --env-var.
This way you can use OAuth 2.0 fully automatically in the CI/CD-Pipeline

If your OAuth server supports the Password grant type, you can try using a pre-processor script for this purpose. The following is an example of OAuth 2.0 authentication against Microsoft:

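// Pre-request script: fetches an OAuth 2.0 token from the Microsoft identity
// platform using the password (ROPC) grant and caches it in collection
// variables so later requests can reference {{bearerToken}}.
//
// Security notes for anyone adapting this:
//  - The password grant hands the user's password to this script. Microsoft
//    documents it as a discouraged flow that does not work for accounts
//    requiring MFA; prefer authorization code or client credentials when the
//    server offers them.
//  - clientSecret and password are read from collection variables, which are
//    stored with the collection. Keep real values out of shared/exported
//    collections and inject them at run time from a secret store.
pm.test("Check for collectionVariables", function () {
    const requiredVars = ['clientId', 'clientSecret', 'tenantId', 'username', 'password', 'scope'];
    requiredVars.forEach((name) => {
        pm.expect(pm.collectionVariables.get(name), name + " variable not set").to.not.be.undefined;
    });

    // bearerTokenExpiresOn holds an ABSOLUTE expiry in epoch seconds. The
    // previous version stored the relative `expires_in` lifetime there, so the
    // comparison against Date.now() was always true and the token was fetched
    // again on every request.
    const refreshMarginSeconds = 60; // refresh slightly early to avoid using a token that expires mid-request
    const cachedToken = pm.collectionVariables.get("bearerToken");
    const expiresOn = Number(pm.collectionVariables.get("bearerTokenExpiresOn"));
    const nowSeconds = Math.floor(Date.now() / 1000);
    const tokenIsFresh = Boolean(cachedToken)
        && Number.isFinite(expiresOn)
        && nowSeconds < expiresOn - refreshMarginSeconds;
    if (tokenIsFresh) {
        return;
    }

    pm.sendRequest({
        url: 'https://login.microsoftonline.com/' + pm.collectionVariables.get("tenantId") + '/oauth2/v2.0/token',
        method: 'POST',
        header: 'Content-Type: application/x-www-form-urlencoded',
        body: {
            mode: 'urlencoded',
            urlencoded: [
                { key: "client_id", value: pm.collectionVariables.get("clientId"), disabled: false },
                { key: "scope", value: pm.collectionVariables.get("scope"), disabled: false },
                { key: "username", value: pm.collectionVariables.get("username"), disabled: false },
                { key: "password", value: pm.collectionVariables.get("password"), disabled: false },
                { key: "client_secret", value: pm.collectionVariables.get("clientSecret"), disabled: false },
                { key: "grant_type", value: "password", disabled: false },
            ]
        }
    }, function (err, res) {
        if (err) {
            // Surface transport failures as a failed test instead of only logging,
            // so a CI run does not continue with a missing or stale token.
            console.log(err);
            pm.test("Token request completed", () => {
                pm.expect(err, String(err)).to.be.null;
            });
            return;
        }

        pm.test("Status code is 200", () => {
            pm.expect(res).to.have.status(200);
        });
        if (res.code !== 200) {
            // Do not overwrite the cached values with fields from an error body.
            return;
        }

        const resJson = res.json();
        const lifetimeSeconds = Number(resJson.expires_in);
        // NOTE(review): id_token is only returned when the requested scope
        // includes "openid"; an API that validates access tokens will expect
        // resJson.access_token instead. Confirm which one the target API needs.
        const token = resJson.id_token;

        pm.test("Token response is usable", () => {
            pm.expect(token, "id_token missing from token response").to.be.a('string');
            pm.expect(Number.isFinite(lifetimeSeconds), "expires_in missing from token response").to.be.true;
        });
        if (typeof token !== 'string' || !Number.isFinite(lifetimeSeconds)) {
            return;
        }

        // The token value itself is never logged.
        pm.collectionVariables.set("bearerTokenExpiresOn", Math.floor(Date.now() / 1000) + lifetimeSeconds);
        pm.collectionVariables.set("bearerToken", token);
    });
});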

Joshuarrr, Karan: neither of these works for us.

We want OAuth 2 for a better "try it" experience in the browser, and also to attach the required scopes to each endpoint in the auth section so that it is easier for developers to read.

Hello!
Yeah, OAuth2 is very useful, because nowadays even Keycloak doesn’t recommend retrieving a token from code without a web page, and access_tokens live for only 1-2 hours or even less :frowning_with_open_mouth:

We will release the new version 2.5.15 today, including OAuth 2.0 features.

Karan, what is the expected date for this? It is a blocking point for our migration to APIdog.

Just wanted to let you know that I found a workaround. I now use a Post Request at the start of my Tests that gets the Bearer Token. Then I save that token into an env-variable. Then I set my auth tab to “Bearer Token” and insert it with the env-variable. The credentials for the initial post request can be saved in secure pipeline variables and then get passed over to apidog with --env-var.
This way you can use OAuth 2.0 fully automatically in the CI/CD-Pipeline

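// Pre-request script: fetches an OAuth 2.0 token from the Microsoft identity
// platform using the password (ROPC) grant and caches it in collection
// variables so later requests can reference {{bearerToken}}.
//
// Security notes for anyone adapting this:
//  - The password grant hands the user's password to this script. Microsoft
//    documents it as a discouraged flow that does not work for accounts
//    requiring MFA; prefer authorization code or client credentials when the
//    server offers them.
//  - clientSecret and password are read from collection variables, which are
//    stored with the collection. Keep real values out of shared/exported
//    collections and inject them at run time from a secret store.
pm.test("Check for collectionVariables", function () {
    const requiredVars = ['clientId', 'clientSecret', 'tenantId', 'username', 'password', 'scope'];
    requiredVars.forEach((name) => {
        pm.expect(pm.collectionVariables.get(name), name + " variable not set").to.not.be.undefined;
    });

    // bearerTokenExpiresOn holds an ABSOLUTE expiry in epoch seconds. The
    // previous version stored the relative `expires_in` lifetime there, so the
    // comparison against Date.now() was always true and the token was fetched
    // again on every request.
    const refreshMarginSeconds = 60; // refresh slightly early to avoid using a token that expires mid-request
    const cachedToken = pm.collectionVariables.get("bearerToken");
    const expiresOn = Number(pm.collectionVariables.get("bearerTokenExpiresOn"));
    const nowSeconds = Math.floor(Date.now() / 1000);
    const tokenIsFresh = Boolean(cachedToken)
        && Number.isFinite(expiresOn)
        && nowSeconds < expiresOn - refreshMarginSeconds;
    if (tokenIsFresh) {
        return;
    }

    pm.sendRequest({
        url: 'https://login.microsoftonline.com/' + pm.collectionVariables.get("tenantId") + '/oauth2/v2.0/token',
        method: 'POST',
        header: 'Content-Type: application/x-www-form-urlencoded',
        body: {
            mode: 'urlencoded',
            urlencoded: [
                { key: "client_id", value: pm.collectionVariables.get("clientId"), disabled: false },
                { key: "scope", value: pm.collectionVariables.get("scope"), disabled: false },
                { key: "username", value: pm.collectionVariables.get("username"), disabled: false },
                { key: "password", value: pm.collectionVariables.get("password"), disabled: false },
                { key: "client_secret", value: pm.collectionVariables.get("clientSecret"), disabled: false },
                { key: "grant_type", value: "password", disabled: false },
            ]
        }
    }, function (err, res) {
        if (err) {
            // Surface transport failures as a failed test instead of only logging,
            // so a CI run does not continue with a missing or stale token.
            console.log(err);
            pm.test("Token request completed", () => {
                pm.expect(err, String(err)).to.be.null;
            });
            return;
        }

        pm.test("Status code is 200", () => {
            pm.expect(res).to.have.status(200);
        });
        if (res.code !== 200) {
            // Do not overwrite the cached values with fields from an error body.
            return;
        }

        const resJson = res.json();
        const lifetimeSeconds = Number(resJson.expires_in);
        // NOTE(review): id_token is only returned when the requested scope
        // includes "openid"; an API that validates access tokens will expect
        // resJson.access_token instead. Confirm which one the target API needs.
        const token = resJson.id_token;

        pm.test("Token response is usable", () => {
            pm.expect(token, "id_token missing from token response").to.be.a('string');
            pm.expect(Number.isFinite(lifetimeSeconds), "expires_in missing from token response").to.be.true;
        });
        if (typeof token !== 'string' || !Number.isFinite(lifetimeSeconds)) {
            return;
        }

        // The token value itself is never logged.
        pm.collectionVariables.set("bearerTokenExpiresOn", Math.floor(Date.now() / 1000) + lifetimeSeconds);
        pm.collectionVariables.set("bearerToken", token);
    });
});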

Joshuarrr, Karan: neither of these works for us.

We want OAuth 2 for a better "try it" experience in the browser, and also to attach the required scopes to each endpoint in the auth section so that it is easier for developers to read.

Hello!
Yeah, OAuth2 is very useful, because nowadays even Keycloak doesn’t recommend retrieving a token from code without a web page, and access_tokens live for only 1-2 hours or even less :frowning_with_open_mouth:

We will release the new version 2.5.15 today, including OAuth 2.0 features.